Mageia 2022-0031: expat security update
Summary
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places
in the storeAtts function in xmlparse.c can lead to realloc misbehavior
(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer
overflow exists for m_groupSize. (CVE-2021-46143)

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22822)

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22823)

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22824)

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer
overflow. (CVE-2022-22825)

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22826)

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22827)
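
As an added illustration (not Expat's code and not part of the advisory), the C sketch below models the bug class the summary describes for CVE-2021-45960: a table size derived from a left shift and multiplied by an entry size in 32-bit arithmetic wraps, so the allocator is asked for too few bytes or for zero. The 24-byte entry size and both function names are assumptions chosen for the demonstration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed entry size for the demo; not taken from Expat. */
#define ENTRY_SIZE 24u

/* Unguarded pattern: 2^power entries, byte count computed in 32 bits.
 * Precondition for the demo: power < 32 (a larger shift is undefined). */
uint32_t unchecked_table_bytes(unsigned power) {
    uint32_t count = (uint32_t)1 << power;
    return count * ENTRY_SIZE;          /* wraps modulo 2^32 */
}

/* Guarded pattern: reject the shift and the multiplication before they
 * can wrap. Returns 0 to mean "refuse"; a valid result is never 0
 * because count >= 1 and entry_size >= 1. */
size_t checked_table_bytes(unsigned power, size_t entry_size) {
    if (entry_size == 0 || power >= sizeof(size_t) * CHAR_BIT)
        return 0;
    size_t count = (size_t)1 << power;
    if (count > SIZE_MAX / entry_size)
        return 0;
    return count * entry_size;
}

int main(void) {
    for (unsigned power = 27; power <= 30; power++) {
        printf("power=%u  32-bit request=%lu bytes  checked=%zu bytes\n",
               power, (unsigned long)unchecked_table_bytes(power),
               checked_table_bytes(power, ENTRY_SIZE));
    }
    return 0;
}
```

With the constructed 24-byte entry, a shift of 28 requests 2 GiB where 6 GiB is needed, and a shift of 29 requests 0 bytes, which realloc may treat as a free. A caller of the guarded function must treat a 0 return as an error and skip the realloc call.
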
References
- https://bugs.mageia.org/show_bug.cgi?id=29902
- https://blog.hartwork.org/posts/expat-2-4-3-released/
- https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
Resolution
MGASA-2022-0031 - Updated expat packages fix security vulnerability
SRPMS
- 8/core/expat-2.2.10-1.1.mga8